Digital Privacy LAWS A MUST Before Digital India

"We're able to view just everything that they do. And that's really where data is going today. Data is the new oil." - Bill Diggins, Verizon Wireless Precision Market Insights.

This quote clearly points to a shift that our world is undergoing today. Unfortunately, this shift is leading to rampant and free-wheeling capture of personal information about users on popular online social media platforms and mobile applications. This is due to lack of a proper framework that clearly outlines the boundaries for doing this.

So while it’s good to see growing use of online platforms, with e-commerce being the latest addition, what’s also required are a strict regulatory framework on how personal data of user users should be used. Otherwise, the Digital India Dream will soon turn into a nightmare. Here are some concerns to be looked into:

• No separate law designed exclusively for the data protection
• No specific national regulator dealing with administration of privacy laws
• No need to obtain any approval from government regarding data transfer agreements
• Who controls the data?
• Cybersecurity
• Digital literacy

Consumer Data Matters to the Market

Recently, LeadSquared integrated itself with Facebook Lead Ads thereby allowing lead capture through smartphones. So, what makes Facebook so appealing for customer acquisition platforms thriving on users’ information? First, Facebook users are known to tag their friends, location and life events. This is a good chunk of information were smartphone acts as the middle ware between the user and the social media. Second, mobile is mostly used by people on the move to access information, news or online shopping which means that their preferences can be tapped to provide customized advertisements directly to them. Knowledge is power is a common understanding but data will be the key holding it.

This data mining of most sought after information is made possible through social engineering and mobile applications most of which are constantly connected to the Internet. In these situations a rift appears between the service industry and the consumers. In India, very few people go through app’s terms and conditions before installing them which makes private data like photos or documents accessible and a certain level of reckless behavior is also visible on the social media thereby making it a one stop place for scraping user information. “Our latest findings reveal that even though Millennials have been immersed in online technology most of their lives, they are more reckless in many ways with only one in four believing they have most responsibility when an online crime occurs,” said Ritesh Chopra, Country Manager, India, Norton by Symantec.

Much of the Indian public lacks awareness about such critical issues and nothing has changed much in this past decade. This one size fits all approach by the policy makers regarding data laws makes the whole idea of digital India a digital illusion.

IoT and Privacy

A research, carried out by Fortify, part of HP Enterprise Security Products, confirmed that 70 per cent of the most commonly used IoT devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions. Most of the devices ask for personal information for certain services, which means that if the infrastructure is compromised then all the personal data is wide open for anyone to access. If the users misconfigure their home network, then they are exposing their data to wireless networks.

According to Cisco, the next nine billion devices connected to the internet in 2020 will use M2M technologies. Many of these devices will be used to link the physical world to the internet via sensors that take readings from their local environment and output the information up into the cloud. Therefore, improving the collection and storage of data with all the required tracking mechanisms should be the prime concern for the industry.

Loopholes in Data Collection

Most of the app developers aren’t much open about the data they’re sharing and how it’s being sold via the ad networks. It’s dangerous because the data stored on our phones can show where we live (Geo-location), where we work, and where we go as we are tied to it.

PC users can be tracked through browser cookies and many mobile apps, track through unique identifiers such as the UDID (Unique Device Identifier—the equivalent of your phone’s serial number) or IMEI (International Mobile Station Equipment Identity–the unique number mobile networks use to identify subscribers). So, in this connected world there is no such thing as untraceable.

Collective Ignorance

Consider this. India has the world’s second-largest Internet user base, overtaking the US in January 2016. Similarly, India is also poised to overtake the US as the second largest market for smartphones in the world by 2016. In spite of all these numbers the nation has faced a tremendous increase in cybercrimes including data theft. With cybercrime shifting towards mobile there is a persistent threat of private data being compromised. Also, India currently does not have comprehensive privacy legislation - but the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011 formed under section 43A of the Information Technology Act 2000 defines a data protection framework for the processing of digital data.

With plans about smart cities and the advent of connected devices, the government should come up with solid plan for strict regulation around the collection, storage and use of information along with severe penalties for loss of data and breach notification.

Data Protection in Europe

European Union has always emphasized on privacy rights of the individuals and personal data can only be gathered legally under strict conditions, for a legitimate purpose. Also, all the collected personal information must be protected from misuse. In January 2012, the European Commission proposed a comprehensive reform of data protection rules which will give citizens back control over their personal data, and to simplify the regulatory environment for business. This data protection reform is a key component of the Digital Single Market prioritized by the commission and will allow European citizens and businesses to fully benefit from the digital economy. To recall, European Data Protection Directive was adopted in 1995.

To Conclude...

India can’t become digital without a robust framework of laws and regulations to safeguard the interest of the public and a new legislation dealing specifically with the protection of data and information present on the web is the need of the hour. However, a balance should be maintained between the interests of the common public and tightened grip on cybercrimes while drafting the laws.